MS Antispyware 2009

Posted by elise in Blog Tutorials on March 11th, 2009

What is MS Antispyware 2009?
MS Antispyware 2009 is a rogue anti-spyware program from the Pro AntiSpyware 2009 family. MS Antispyware 2009 usually advertises itself through Trojans, which display false security alerts claiming that your system is infected with a virus and that you should launch MS Antispyware 2009 to protect it.

Once MS Antispyware 2009 is installed on your system, it configures the registry so that it starts scanning automatically whenever the PC starts up. After the scan, MS Antispyware 2009 lists various results to make you believe your computer is seriously infected, and to remove those threats you must purchase MS Antispyware 2009. These results are all fake and are shown only to frighten you into purchasing the full version.

Do you have MS Antispyware 2009?
If you have enough time and expertise, you can search your computer for MS Antispyware 2009 manually. However, it might take hours to find all the files of MS Antispyware 2009, and it is possible that MS Antispyware 2009 will reappear after rebooting, because its hidden files may still be there.

Download automatic scanner for MS Antispyware 2009
Spyware Cease – the technology-oriented security protection that provides a risk-free computing environment for your home and office – with detection, removal and guard in one intuitive and straight-forward interface. Only Spyware Cease gives you individual fix against the most dangerous spyware problems.

Manual MS Antispyware 2009 removal instructions
WARNING: The manual removal method is for advanced users. Manual removal of MS Antispyware 2009 can be difficult and time-consuming. There is no guarantee that MS Antispyware 2009 can be completely removed, for there are hundreds of files generated when MS Antispyware 2009 is installed on your system. Make sure to back up your computer in case you make a mistake and your system stops working.

Follow the instructions below to remove MS Antispyware 2009 manually:

Navigate and stop the MS Antispyware 2009 processes:
msas2009.exe

Navigate and delete MS Antispyware 2009 files:
c:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd
c:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009
c:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe
c:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\BASE
c:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED
c:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG
c:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20081214155256795.log
c:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED
%UserProfile%\Start Menu\Programs\MS AntiSpyware 2009
%UserProfile%\Start Menu\Programs\MS AntiSpyware 2009\MS AntiSpyware 2009.lnk

Navigate and remove MS Antispyware 2009 registry keys
HKEY_CURRENT_USER\Software\CrucialSoft Ltd
HKEY_CURRENT_USER\Software\CrucialSoft Ltd\MS AntiSpyware 2009
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\uninstall\MS AntiSpyware 2009 5.7
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MS AntiSpyware 2009"

What are the symptoms of MS Antispyware 2009?

  • MS Antispyware 2009 may download and install without your knowledge or consent through a Trojan
  • MS Antispyware 2009 may display fake notifications and popups
  • MS Antispyware 2009 may turn user’s Internet browsing into an annoying activity
  • MS Antispyware 2009 may cause a system slowdown
  • MS Antispyware 2009 may decrease system performance

How do I keep away from MS Antispyware 2009
Once you have cleaned up MS Antispyware 2009, the most important way to prevent MS Antispyware 2009 and future malicious programs from returning is to stay suspicious of spam e-mail attachments and unknown websites. Here are several ways in which you can help protect your computer against MS Antispyware 2009 and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as Spyware Cease
  • Surf sites and download programs from the web sites you trust

What is Rogue AntiSpyware Program?
MS Antispyware 2009 is a type of Rogue AntiSpyware Program.

Rogue anti-spyware software is software that uses malware to advertise or install itself, through other malicious viruses or security holes, without your permission. Rogue software usually pops up fake system messages such as “Warning, your computer is infected! Click here to scan your computer now!” Most of the time, when clicking the “OK” button in the dialog, users will be directed to an unknown website that may download more spyware threats. Sometimes, even clicking the close button at the top right may lead to the installation of the rogue software, because the button is actually a link.

To trick innocent users into paying, rogue software usually counterfeits exaggerated and fake system scanning results and scares users into paying for the removal of spyware infections that never existed. In fact, the threat is the rogue software itself. Most of these programs come with a bundle of very harmful spyware programs that are hidden in the files themselves.

Win32.Zafi.b

What is Win32.Zafi.b?
Win32.Zafi.b is a worm threat that spreads through e-mail and P2P networks. If your PC is infected with Perfect Defender 2009, you may see Win32.Zafi.b named in the false system security alert message. Perfect Defender 2009 is a rogue anti-spyware program that lures PC users into purchasing its full version by showing fake security scanning results and system warnings.

Win32.Zafi.b is a destructive worm that may prevent anti-virus and other security products from working normally. It may even disable RegEdit, MSConfig, or Task Manager, or launch a DoS attack against certain Hungarian web sites.

Do you have Win32.Zafi.b?
If you have enough time and expertise, you can search your computer for Win32.Zafi.b manually. However, it might take hours to find all the files of Win32.Zafi.b, and it is possible that Win32.Zafi.b will reappear after rebooting, because its hidden files may still be there.

Manual Win32.Zafi.b removal instructions
WARNING: The manual removal method is for advanced users. Manual removal of Win32.Zafi.b can be difficult and time-consuming. There is no guarantee that Win32.Zafi.b can be completely removed, for there are hundreds of files generated when Win32.Zafi.b is installed on your system. Make sure to back up your computer in case you make a mistake and your system stops working.

Follow the instructions below to remove Win32.Zafi.b manually:

Navigate and stop the Win32.Zafi.b processes:
N/A

Navigate and delete Win32.Zafi.b files:
N/A

Navigate and remove Win32.Zafi.b registry keys
N/A

What are the symptoms of Win32.Zafi.b?

  • Win32.Zafi.b may change browser settings
  • Win32.Zafi.b may show commercial adverts
  • Win32.Zafi.b may connect itself to the internet
  • Win32.Zafi.b may hide from the user

How do I keep away from Win32.Zafi.b
Once you have cleaned up Win32.Zafi.b, the most important way to prevent Win32.Zafi.b and future malicious programs from returning is to stay suspicious of spam e-mail attachments and unknown websites. Here are several ways in which you can help protect your computer against Win32.Zafi.b and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as Spyware Cease
  • Surf sites and download programs from the web sites you trust

What is Worm?
Win32.Zafi.b is a type of worm.

In computing, a worm is a self-replicating computer program that does not alter files but resides in active memory. The difference between a computer worm and a computer virus is that a computer virus cannot run by itself. A virus usually needs a host program to run, and the virus code runs as part of that host program. A worm, however, does not need a host program to run; it uses a network to spread itself to other computers on the network.

The original computer worm was released (maybe accidentally) on the Internet by Robert Tappan Morris in 1988. The Internet Worm used sendmail, fingerd, and rsh/rexec to spread itself across the Internet.

The SQL Slammer Worm of 2003 used a vulnerability in Microsoft SQL Server 2000 to spread itself across the Internet. The Blaster Worm, also of 2003, used a vulnerability in Microsoft DCOM RPC to spread itself.

The Melissa worm of 1999, the Sobig worms of 2003 and the Mydoom worm of 2004, all spread through e-mail. These worms shared some features of a Trojan horse, in that they spread by enticing a user to open an infected e-mail attachment.

Mydoom also attempted to spread itself through the peer-to-peer file sharing application KaZaA. The Mydoom worms attempted a Denial of Service (DoS) attack against SCO and Microsoft.

Worm.Win32.Mabezat.b

What is Worm.Win32.Mabezat.b?
Worm.Win32.Mabezat.b is a polymorphic parasitic infector of executable files that propagates itself through removable media and shared folders on a LAN. It is also a worm for the Windows platform that searches for executables on local drives and the network.

Worm.Win32.Mabezat.b usually copies itself into existing folders on removable drives. It uses the following filenames:
Adjust Time.exe
AmericanOnLine.exe
Antenna2Net.exe
BrowseAllUsers.exe
CD Burner.exe
Crack_GoogleEarthPro.exe
Disk Defragmenter.exe
FaxSend.exe
FloppyDiskPartion.exe
GoogleToolbarNotifier.exe
HP_LaserJetAllInOneConfig.exe
IDE Conector P2P.exe
InstallMSN11Ar.exe
InstallMSN11En.exe
JetAudio dump.exe
KasperSky6.0 Key.doc.exe
Lock Folder.exe
LockWindowsPartition.exe
Make Windows Original.exe
MakeUrOwnFamilyTree.exe
Microsoft MSN.exe
Microsoft Windows Network.exe
msjavx86.exe
NokiaN73Tools.exe
Office2003 CD-Key.doc.exe
Office2007 Serial.txt.exe
PanasonicDVD_DigitalCam.exe
RadioTV.exe
Recycle Bin.exe
RecycleBinProtect.exe
ShowDesktop.exe
Sony Erikson DigitalCam.exe
Win98compatibleXP.exe
Windows Keys Secrets.exe
WindowsXp StartMenu Settings.exe
WinrRarSerialInstall.exe
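
One way to hunt for these copies on a removable drive or share, as an added example that is not part of the original post. It matches the listed names case-insensitively and, going beyond the list, also flags the double-extension pattern several of them share (a document extension followed by an executable one, as in Office2007 Serial.txt.exe); the extension sets and the sample listing are assumptions made for the example.

```python
import os
from pathlib import PureWindowsPath

# A few of the copy names listed above, lower-cased; add the rest the same way.
LISTED_NAMES = {
    "adjust time.exe", "cd burner.exe", "disk defragmenter.exe",
    "kaspersky6.0 key.doc.exe", "office2003 cd-key.doc.exe",
    "office2007 serial.txt.exe", "recycle bin.exe", "msjavx86.exe",
}
# Assumption (not from the page): what counts as a document or executable extension.
DOCUMENT_EXTS = {".doc", ".txt", ".pdf", ".xls", ".jpg"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}


def classify(path):
    """Return the reasons a file name looks like one of the worm's copies."""
    p = PureWindowsPath(path)
    reasons = []
    if p.name.lower() in LISTED_NAMES:
        reasons.append("listed-name")
    suffixes = [s.lower() for s in p.suffixes]
    if (len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DOCUMENT_EXTS):
        reasons.append("double-extension")
    return reasons


def scan_listing(paths):
    """Map each suspicious path to its reasons; clean paths are left out."""
    return {p: r for p in paths if (r := classify(p))}


def scan_drive(root):
    """Walk a mounted drive or folder and classify every file found."""
    found = []
    for folder, _dirs, files in os.walk(root):
        found.extend(os.path.join(folder, f) for f in files)
    return scan_listing(found)


# Constructed listing of a removable drive, for illustration only.
SAMPLE_LISTING = [
    r"E:\Photos\Recycle Bin.exe",
    r"E:\Docs\Office2007 Serial.txt.exe",
    r"E:\Docs\report.final.doc",
    r"E:\Tools\setup.exe",
    r"E:\Music\Holiday Pictures.jpg.scr",
]

if __name__ == "__main__":
    for path, reasons in scan_listing(SAMPLE_LISTING).items():
        print(path, "->", ", ".join(reasons))
```

A name match alone is only a lead: legitimate tools can share a name such as msjavx86.exe, so confirm any hit with an anti-virus scan before deleting the file.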

Do you have Worm.Win32.Mabezat.b?
If you have enough time and expertise, you can search your computer for Worm.Win32.Mabezat.b manually. However, it might take hours to find all the files of Worm.Win32.Mabezat.b, and it is possible that Worm.Win32.Mabezat.b will reappear after rebooting, because its hidden files may still be there.

Manual Worm.Win32.Mabezat.b removal instructions
WARNING: The manual removal method is for advanced users. Manual removal of Worm.Win32.Mabezat.b can be difficult and time-consuming. There is no guarantee that Worm.Win32.Mabezat.b can be completely removed, for there are hundreds of files generated when Worm.Win32.Mabezat.b is installed on your system. Make sure to back up your computer in case you make a mistake and your system stops working.

Follow the instructions below to remove Worm.Win32.Mabezat.b manually:

Navigate and stop the Worm.Win32.Mabezat.b processes:
N/A

Navigate and delete Worm.Win32.Mabezat.b files:
N/A

Navigate and remove Worm.Win32.Mabezat.b registry keys
N/A

What are the symptoms of Worm.Win32.Mabezat.b?

  • Worm.Win32.Mabezat.b may spread via Trojans
  • Worm.Win32.Mabezat.b may install spyware to your computer
  • Worm.Win32.Mabezat.b may repair its files, spread or update by itself
  • Worm.Win32.Mabezat.b may violate your privacy and compromise your security

How do I keep away from Worm.Win32.Mabezat.b
Once you have cleaned up Worm.Win32.Mabezat.b, the most important way to prevent Worm.Win32.Mabezat.b and future malicious programs from returning is to stay suspicious of spam e-mail attachments and unknown websites. Here are several ways in which you can help protect your computer against Worm.Win32.Mabezat.b and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as Spyware Cease
  • Surf sites and download programs from the web sites you trust

What is Worm?
Worm.Win32.Mabezat.b is a type of Worm.

Win32/Sality.AA

What is Win32/Sality.AA?
Win32/Sality.AA is a polymorphic virus that infects Win32 PE executable files and also acts as a keylogger. The virus logs keystrokes typed into certain windows, along with certain information about the infected machine, and periodically submits all the collected data to a remote site. Win32/Sality.AA can be spread through unsolicited spam e-mail, corrupt P2P and freeware downloads, or porn sites.

Once installed on a PC, Win32/Sality.AA may download adware, spyware and other malware threats and drop corrupt files, such as scvhsot.exe, blastclnnn.exe and hinhem.scr, in the Windows directory.

Win32/Sality.AA is also known as W32/Sality [McAfee], Virus.Win32.Sality.aa [Kaspersky], W32.Sality.AE [Symantec], Virus: Win32/Sality.AM [MS OneCare], PE_SALITY.EM [Trend].

Do you have Win32/Sality.AA?
If you have enough time and expertise, you can search your computer for Win32/Sality.AA manually. However, it might take hours to find all the files of Win32/Sality.AA, and it is possible that Win32/Sality.AA will reappear after rebooting, because its hidden files may still be there.

Manual Win32/Sality.AA removal instructions
WARNING: The manual removal method is for advanced users. Manual removal of Win32/Sality.AA can be difficult and time-consuming. There is no guarantee that Win32/Sality.AA can be completely removed, for there are hundreds of files generated when Win32/Sality.AA is installed on your system. Make sure to back up your computer in case you make a mistake and your system stops working.

Follow the instructions below to remove Win32/Sality.AA manually:

Navigate and stop the Win32/Sality.AA processes:
N/A

Navigate and delete Win32/Sality.AA files:
%System%\amvo.exe
%System%\blastclnnn.exe
%System%\scvhsot.exe
%Temp%\00055a0e_rar\scvhsot.exe
%Temp%\000592b2_rar\scvhsot.exe
%Temp%\0005934e_rar\hinhem.scr
%Temp%\0005938d_rar\blastclnnn.exe
%Windir%\hinhem.scr
%Windir%\scvhsot.exe
c:\rdsfk.com

Navigate and remove Win32/Sality.AA registry keys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"[INFECTED FILE]" = "[INFECTED FILE]:*:Enabled:ipsec"
HKEY_CURRENT_USER\Software\[USER NAME]914
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WMI_MFC_TPSHOKER_80
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER
HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\FirewallOverride = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\UacDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\Svc\AntiVirusOverride = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\Svc\AntiVirusDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\Svc\FirewallDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\Svc\FirewallOverride = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\Svc\UpdatesDisableNotify = dword:00000001
HKLM\SOFTWARE\Microsoft\Security Center\Svc\UacDisableNotify = dword:00000001
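
To check a machine for these changes without editing the live registry, the keys can be exported with regedit and the text inspected offline. The following is an added example, not part of the original post: it parses a regedit version 5 export and reports the Security Center override values and the ":*:Enabled:ipsec" firewall exceptions listed above. The sample export is constructed, and the function names are hypothetical.

```python
import re

# Value names the page lists under "Security Center" and "Security Center\Svc".
SC_VALUES = {"antivirusoverride", "antivirusdisablenotify", "firewalldisablenotify",
             "firewalloverride", "updatesdisablenotify", "uacdisablenotify"}
SC_KEYS = ("\\microsoft\\security center", "\\microsoft\\security center\\svc")
FW_LIST = "\\firewallpolicy\\standardprofile\\authorizedapplications\\list"
FW_MARK = ":*:enabled:ipsec"  # suffix of the firewall exception data shown above

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(s):
    # In a .reg export a backslash followed by any character stands for that character.
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Yield (key, value_name, data) from a regedit version 5 text export.
    data is an int for dword values and a str for quoted strings; other
    value types (hex blobs and their continuation lines) are skipped."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, data = _unescape(m.group(1)), m.group(2)
        if data.lower().startswith("dword:"):
            yield key, name, int(data[6:], 16)
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            yield key, name, _unescape(data[1:-1])


def find_sality_changes(text):
    """Return (kind, key, value_name) for every setting that matches the list above."""
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if k.endswith(SC_KEYS) and name.lower() in SC_VALUES and data == 1:
            findings.append(("security-center-override", key, name))
        elif (k.endswith(FW_LIST) and isinstance(data, str)
                and data.lower().endswith(FW_MARK)):
            findings.append(("firewall-exception", key, name))
    return findings


# Constructed export for illustration; not taken from a real machine.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\scvhsot.exe"="C:\\WINDOWS\\system32\\scvhsot.exe:*:Enabled:ipsec"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
'''

if __name__ == "__main__":
    for kind, key, name in find_sality_changes(SAMPLE_EXPORT):
        print(f"{kind}: {key} -> {name}")
```

Keys are matched by their trailing path, so an export taken from CurrentControlSet instead of ControlSet001 is handled the same way.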

What are the symptoms of Win32/Sality.AA?

  • Win32/Sality.AA may infect a computer via spam e-mail and corrupt web sites, and may download third-party files through security holes
  • Win32/Sality.AA may change system tracks, create popup ads corresponding to browsing habits, and collect system activity
  • Win32/Sality.AA may forward passwords, login names and other secret private information to outside hackers by avoiding antivirus and firewall programs

How do I keep away from Win32/Sality.AA
Once you have cleaned up Win32/Sality.AA, the most important way to prevent Win32/Sality.AA and future malicious programs from returning is to stay suspicious of spam e-mail attachments and unknown websites. Here are several ways in which you can help protect your computer against Win32/Sality.AA and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as Spyware Cease
  • Surf sites and download programs from the web sites you trust

What is Virus?
Win32/Sality.AA is a type of Virus.

A virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt.

Packer.Malware.NSAnti.J

What is Packer.Malware.NSAnti.J?
Packer.Malware.NSAnti.J is a hazardous program that applies the NSAnti packing method, which is specially designed to hide the real content of any software packed with it and to bypass anti-virus protection. Attackers who create malware always use this method to deliver their malicious programs. Packer.Malware.NSAnti.J is a malicious program and should be removed once found.

Do you have Packer.Malware.NSAnti.J?
If you have enough time and expertise, you can search your computer for Packer.Malware.NSAnti.J manually. However, it might take hours to find all the files of Packer.Malware.NSAnti.J, and it is possible that Packer.Malware.NSAnti.J will reappear after rebooting, because its hidden files may still be there.

Manual Packer.Malware.NSAnti.J removal instructions
WARNING: The manual removal method is for advanced users. Manual removal of Packer.Malware.NSAnti.J can be difficult and time-consuming. There is no guarantee that Packer.Malware.NSAnti.J can be completely removed, for there are hundreds of files generated when Packer.Malware.NSAnti.J is installed on your system. Make sure to back up your computer in case you make a mistake and your system stops working.

Follow the instructions below to remove Packer.Malware.NSAnti.J manually:

Navigate and stop the Packer.Malware.NSAnti.J processes:
N/A

Navigate and delete Packer.Malware.NSAnti.J files:
kavo0.dll
vf22e.dll
kavo1.dll
ntdelect.com

Navigate and remove Packer.Malware.NSAnti.J registry keys
N/A

What are the symptoms of Packer.Malware.NSAnti.J?

  • Packer.Malware.NSAnti.J may install without your knowledge or permission
  • Packer.Malware.NSAnti.J may track your surfing habits
  • Packer.Malware.NSAnti.J may bombard your PC with popup ads
  • Packer.Malware.NSAnti.J may modify or hijack your homepage and display new desktop shortcuts
  • Packer.Malware.NSAnti.J may decrease the system performance

How do I keep away from Packer.Malware.NSAnti.J
Once you have cleaned up Packer.Malware.NSAnti.J, the most important way to prevent Packer.Malware.NSAnti.J and future malicious programs from returning is to stay suspicious of spam e-mail attachments and unknown websites. Here are several ways in which you can help protect your computer against Packer.Malware.NSAnti.J and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as Spyware Cease
  • Surf sites and download programs from the web sites you trust

What is Spyware?
Packer.Malware.NSAnti.J is a type of spyware.

Spyware is a program that gathers information and can be ‘silently’ installed and run in ‘stealth’ mode. This kind of software is used to gather information from a user’s machine, such as recorded keystrokes (passwords), a list of websites visited by the user, applications installed on the machine, the version of operating system, registry settings, etc.